Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Your Expert Advice

Re: Your Expert Advice

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Thu, 13 Jan 2000 15:39:26 -0000
Message-ID: <947778145.6719.0.nnrp-11.9e984b29@news.demon.co.uk> 






The trouble with that (in light of the novel)
is that   detail of audit is highly resource
intensive, and the IT manager who hacked
into the system would have to be a complete
bloody idiot to know how to attack the system
but forget that an audit trail is in place.



However, if you buy the right hacker, they
could possibly be able to disable the auditing
for this object temporarily but forget to
clean out the audit trail of their activity in
turning the audit trailing off and on.



Could you perpetrator be guilty by inference  -
i.e.


    The patient record is not what it should be.
    The audit trail says the IT manager switched
    off the patient detail audit for 5 minutes.



    therefore the IT manager fixed the record ?





--



Jonathan Lewis


Yet another Oracle-related web site:  http://www.jlcomp.demon.co.uk




Klaus Schuermann wrote in message <85j37n$19m$1_at_news02.btx.dtag.de>...


>I'm using so called Journal-Tables to record the changes


>in any row of data. If a row is changed, the image of this row before the


>change is automatically copied to journal table,


>along with the timestamp and username.


>Now you can compare the before and after image.


>You can see any change of any field.


>


>Klaus


>


>novelist <lisamorganNOliSPAM_at_mindspring.com.invalid> schrieb in im


>Newsbeitrag: 1b58ba3b.4ae6f6b0_at_usw-ex0109-070.remarq.com...


>> Greetings,


>>


>> I'm a high tech journalist who is working on a novel.  A


>> key part of the plot is discovering a hack job and perhaps


>> one of you experts could help.


>>


>> The scenario is doctor has hired a hacker to replace his ID


>> in the name field of a specific patient with someone


>> elses.  The hacker is an IT manager who's willing to break


>> the rules for a few extra bucks, but he forgets that his


>> password and login can be traced.


>>


>> Now, the real question is if electronic patient records


>> contain several fields, how could one prove that a specific


>> person altered a specific field on a specific date? So far


>> I've been told by software engineers that you'd only see a


>> change in the timestamp, in which case you couldn't prove


>> specifically what happened.


>>


>> I can't believe that's the real answer.  Could someone who


>> knows the answer please tell me what it is?


>>


>> Many thanks.





Received on Thu Jan 13 2000 - 09:39:26 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US